fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars

Wang, Ding; He, Debiao; Cheng, Haibo; Wang, Ping

doi:10.1109/dsn.2016.60

Cited by 55 publications

(37 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Much research [13,16,23,30,33] has therefore been done to develop more robust PSMs so that the estimated password strength matches the actual risk against password crackers better.…”

Section: Related Workmentioning

confidence: 99%

PSV (Password Security Visualizer): From Password Checking to User Education

Aljaffan

Yuan

2017

Human Aspects of Information Security, Privacy and Trust

View full text Add to dashboard Cite

Abstract. This paper presents the Password Security Visualizer (PSV), an interactive visualization system specifically designed for password security education. PSV can be seen as a reconfigurable "box" containing different proactive password checkers (PPCs) and visualizers of password security information, allowing it to be used like a "many in one" or "hybrid" PPC. PSV can provide many new features that do not exist in traditional PPCs, thus having a greater potential to achieve its goals of educating users. Using purely client-side Web-based technologies, we implemented a prototype of PSV as an open-source software tool on a 2-D animated canvas. To evaluate the actual performance of our implemented PSV prototype against traditional PPCs, we conducted a semistructured interview involving 20 human participants. Our qualitative analysis of the results showed that PSV was considered the most informative and recommended by most participants as a good educational tool. To the best of our knowledge, PSV is the first system combining different PPCs together for user education, and the user study is the first of this kind on comparing educational effectiveness of different PPCs (and PPC-like password security tools such as PSV).

show abstract

“…Much research [13,16,23,30,33] has therefore been done to develop more robust PSMs so that the estimated password strength matches the actual risk against password crackers better.…”

Section: Related Workmentioning

confidence: 99%

PSV (Password Security Visualizer): From Password Checking to User Education

Aljaffan

Yuan

2017

Human Aspects of Information Security, Privacy and Trust

View full text Add to dashboard Cite

show abstract

“…Markov-based PSM [28] and PCFG-based PSM [18] were proposed subsequently based on Markov model and PCFG model. Wang et al [12] created a novel PSM on a solid foundation where user usually reuses one of his/her passwords rather than creating a new one. By using two training sets (one as base dictionary and the other as rule learning dictionary), their PSM was able to derive empirically users' mangling rules on passwords and thus more accurate.…”

Section: Related Workmentioning

confidence: 99%

“…We attempt to expand our work by utilizing modification-based relationship between passwords (other relationships we have explored above are still worth deeper research and we leave it for future work). Prior surveys have already provided us with plenty of information on how users modify their passwords: adding digits or symbols at the beginning/end of password, capitalizing a letter, Leet transformation, and so forth [9,12,32,37]. Taking the permitted operations for each type of edit distance into consideration synthetically, we could infer that LD is currently the most appropriate measure of password relationship among all types of edit distance, which actually models real-world users' mangling behaviors (insertion, deletion, and substitution are popular while transposition is not).…”

Section: Rationalementioning

confidence: 99%

“…The conflict between users' limited memory and growing number of passwords they need to organize is the main challenge users are confronted with presently. Users reuse passwords 2 Security and Communication Networks or embed mnemonic information into password [12] to alleviate their burden of memorizing passwords. This implies the unpleasant fact that users select usability over security unconsciously.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Alternative Method for Understanding User-Chosen Passwords

Zheng

Cheng

Zhang

et al. 2018

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

We present in this paper an alternative method for understanding user-chosen passwords. In password research, much attention has been given to increasing the security and usability of individual passwords for common users. Few of them focus on the relationships between passwords; therefore we explore the relationships between passwords: modification-based, similarity-based, and probability-based. By regarding passwords as vertices, we shed light on how to transform a dataset of passwords into a password graph. Subsequently, we introduce some novel notions from graph theory and report on a number of inner properties of passwords from the perspective of graph. With the assistance of Python Graph-tool, we are able to visualize our password graph to deliver an intuitive grasp of user-chosen passwords. Five real-world password datasets are used in our experiments to fulfill our thorough experiments. We discover that (1) some passwords in a dataset are tightly connected with each other; (2) they have the tendency to gather together as a cluster like they are in a social network; (3) password graph has logarithmic distribution for its degrees. Top clusters in password graph could be exploited to obtain the effective mangling rules for cracking passwords. Also, password graph can be utilized for a new kind of password strength meter.

show abstract

“…A mass of research [1][2][3][4][5] focuses on passwords mechanism and other authentication mechanisms for user authentication in various computer systems. But recently, with the rapid development of microblogging, the scale of users is becoming larger and larger.…”

Section: Introductionmentioning

confidence: 99%

Information Propagation Prediction Based on Key Users Authentication in Microblogging

Zhang

Zang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

In microblogging, key users are a significant factor for information propagation. Key users can affect information propagation size while retweeting the information. In this paper, to predict information propagation, we propose a novel linear model based on key users authentication. This model mines key users to dynamically improve the linear model while predicting information propagation. So our model can not only predict information propagation but also mine key users. Experimental results show that our model can achieve remarkable efficiency on predicting information propagation problem in real microblogging networks. At the same time, our model can find the key users who affect information propagation.

show abstract

fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars

Cited by 55 publications

References 30 publications

PSV (Password Security Visualizer): From Password Checking to User Education

PSV (Password Security Visualizer): From Password Checking to User Education

An Alternative Method for Understanding User-Chosen Passwords

Information Propagation Prediction Based on Key Users Authentication in Microblogging

Contact Info

Product

Resources

About